This week at the Black Hat Security Conference two security researchers will discuss their findings which could completely bring Windows Vista to its knees. According to Dino Dai Zovi, a popular security researcher, "the genius of this is that it's completely reusable. They have attacks that let them load chosen content to a chosen location with chosen permissions. That's completely game over."

At the time I could fetch it and read it, but now it seems inaccessible. In fact, it appeared inaccessible again when I wrote the post, so I might have missed some details typing from memory. I think the summary should be a reasonably accurate reflection of the content, however.

The whole thing is pretty interesting all told, as it sheds some light on the hurdles of adding extra security layers to such a sprawling application platform as a web browser. It doesn't really invalidate any of the techniques that Microsoft employs in Vista (ASLR seems rather damaged by it, but the NOP slide really needs the DEP circumvention to be practical, and ASLR after all prevents attempts to jump to pre-existing code), but it does illustrate what may be a wider problem for applications of this nature.

A bit unfortunate really that the article is so vague and sensationalistic, as it could have been an interesting topic of discussion but ended up a bit flamebaitish.